ZS version 3.3.x breaks internet access through PPTP VPN

Home Page Forums Network Management Signal a BUG ZS version 3.3.x breaks internet access through PPTP VPN

This topic contains 0 replies, has 0 voices, and was last updated by  erick06fr 1 year, 6 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #44195

    erick06fr
    Member

    Hello everybody.

    Since Zeroshell 3.3.x upgrade , it’s no more possible to have internet access using a distant PPTP VPN gateway.
    Access to private distant ressources is fully OK, but not access to the distant internet ressouces.
    Acces using OpenVPN still remain OK (L2TP/IPsec not tested), but in any case (Android stock smartphone) PPTP is the only standard available VPN.

    Rolling back to ZS 3.2.1 solves the internet access issue with PPTP.

    Anyone with the same issue ?

    #53703

    onega
    Member

    small MTU broke packets,
    in version 3.7.1 only 40-50% sites work fine (for pptp clients), another sites not work. And for openvpn mobile client, 50% sites not work if encryption enabled (in my network).

    3 way to resolve problem:

    1)script in zeroshell sheduler, every 1 min:
    iptables -t mangle -I FORWARD -p tcp –tcp-flags SYN,RST SYN -j TCPMSS –clamp-mss-to-pmtu

    2) decrease MTU for zeroshell LANWAN and client computers:
    https://www.zeroshell.org/forum/viewtopic.php?t=4282

    3) disable MPPE encryption for PPTPl2tp:
    http://www.zeroshell.net/listing/pptp_vpn.pdf
    config example in page №3, need disable/enable some settings, and sites will be work fine.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.